Smell of Data

The sense of smell helped early humans to survive. But now that our hunting and gathering has moved to the digital environment, our noses can no longer warn us of the lurking dangers in the online wilderness.

The Smell of Data is a new scent created to instinctively alert internet users of data leaks on personal devices.

A project by Leanne Wijnsma and Froukje Tan.

Learning from gas

In 1937, as a result of an unnoticed gas leak, a huge explosion occurred at the New London School in Texas, killing 295 students and teachers. After this tragic accident, the government decided to add a smell to scentless gasses to make leaks more readily detectable and to prevent similar tragedies. Since then, the number of explosions involving gas have dropped immensely.

Sensing leaks

Gas has no smell. Data has no smell. As recent privacy violation incidents show, data leaks can have serious consequences. That is why we developed the Smell of Data to warn Internet users of data leaks.

Association

Smell is directly hardwired to the brain and it can call up action almost instantaneously. When the Smell of Data is associated with data leakage it will be able to function as a warning mechanism.

The code is released under Creative Commons: Github.
For the smell, contact Leanne Wijnsma.

Please contact us with ideas, code or future applications.

Amsterdam, 2017.

The Smell of Data is made possible by

And is currently supported by and further developed in collaboration with

A few hands-on tips to create a safer online environment for you and your data.

1. Only use secure websites

While surfing the web, you likely will stumble upon many unsecured websites. These sites pose a serious risk of data theft or privacy violation. When you are using an unsecured website, all data that is exchanged between the website-server and you, the internet user, is up for grabs. This means anyone is able to see your internet activity and steal your sensitive information such as passwords or private messages.

Keeping your data secure is important for many reasons, but one of the biggest risks of using an unsecured website is identity theft. With your personal information, someone can pretend to be you. With your login info, someone can send emails from your account, order things while paying from your bank account, or steal your money. Hackers can also spoof websites, so you might think you are on your banking website, but you might actually on the hackers fake website. This is why it’s so important to make sure your web surfing is secure. [Tips][Hide tips]

1: https://
Always check that the website you are using is secured. You can recognize an unsecured website by the web address: when it starts with HTTP (without an “s” at the end) and it shows no lock or an open lock in front of the web address you have to be careful, as this means it has not been secured. If you are on an unsecured website, make absolutely sure that you are not leaving any information behind that you want to keep private, such as passwords or credit card information. Online banking especially is very risky.

Secured websites, on the other hand, start with HTTPS and/or show a closed lock. These websites are safe because they bought an SSL Certificate which means that all data that is exchanged between the website server and the internet user is encrypted. The data is encoded in such a way that only authorized parties can read it.

2: HTTPS Everywhere
Install the browser add-on HTTPS Everywhere. It is a Firefox, Chrome, and Opera extension that enforces websites which offer both HTTPS and HTTP to always serve you the HTTPS version of their website. It cannot make your connection secure if they do not have an SSL certificate at all, but overall it makes your browsing more secure.

3: Tor
Use the Tor browser instead of the regular internet browser you normally use. Tor is a browser that can be downloaded for free. When you’re browsing with the Tor browser no one will be able to see what you are doing over the network, what computer you are using or where you are located. All your data is secure.

2. Use Public Wifi Safely

What makes a free WiFi hotspot desirable for consumers is exactly what makes it desirable for hackers: it requires no authentication to establish a network connection. With just one simple tool your data can easily be seen by anyone nearby. This makes it super easy for a hacker to steal your data because when you send information over the free wifi network, it can be rerouted directly to the hacker without you even knowing it. Every piece of information you are sending out on the Internet, including personal emails, credit card information and passwords, can end up on someone else’s screen. The only way to prevent this is to use Tor or only visit HTTPS websites. In the latter case, the hacker might see you visit a particular website but will not be able to access the information that is exchanged. [Tips][Hide tips]

1: 3G/4G
Make use of your own data bundle instead of the available free WiFi when you want to use the internet in public areas.

2: VPN
Still need to log on to an unprotected WiFi network? Use a VPN, that is a virtual private network that works like a tunnel. With a VPN it looks like you are somewhere else. The data you send and receive over a network with a VPN will be very difficult to hijack. iPredator, OpenVPN or AirVPN are services you can use to obtain a VPN. You can also use Tor.

3: Secure websites
When you can’t install a VPN and can’t use your private data bundle, make absolutely sure you watch out for unsecured websites over an unprotected WiFi network (see leak #1). Data you send over a website with an SSL connection is encrypted, so even if you are on a public network hackers won’t be able to steal your information. However, they will still be able to read your IP address and see the (secured) websites you are visiting.

4: WiFi Assistant
Keep the WiFi function off when you don’t need it. Even if you haven’t consciously connected to the network, your device remembers networks you’ve connected to in the past and connects automatically when it finds one. When your device searches for available WiFi networks, it automatically sends out the names of WiFi networks you connected to in the past. Hackers can then read your previous network names and can set up a network with one of those names, so you might accidentally log on to their device even if your phone is in your pocket. By turning off the WiFi function of your phone when you don’t need WiFi, you will never inadvertently leak data over the network. You can also install an app like WiFi Assistant (Android only) that automatically turns off the WiFi function of your phone when you leave your trusted areas like home or your office. Or use a Wifi cleaner that makes your phone forget all open networks you ever made a connection with.

3. Stop Online Tracking

Cookies are small text files that are placed on your computer by the websites you visit. When you accept cookies, you allow servers to identify you and remember things about you. Cookies are inherently harmless. They are actually a fundamental part of how the web works. The problem with cookies however is that they are used to track you. Everything you do online—every word you type and every Like you click—tells something about you. Detailed profiles are built based on your interests, spending habits, searches, etc. In this way a handful of big companies hold an enormous amount of personal data about millions of people. Depending on your browsing behavior it might also know your sexual orientation, what political party you support or if you have a medical problem. The collected data is being saved and sold to deliver targeted ads. But a huge risk of this data sharing is data discrimination. Based on the personal profile that is created for you, you might be charged differently than others for the same products. Imagine a hotel that is more expensive for you to book because of the street you live on or because of previous searches. Or a more extreme example: the price of your health insurance going up because of your personal data profile which reflects your health history. Another risk is ending up in the Filter Bubble. Because suggestions are only based on previous online activity, internet users can become separated from information that disagrees with their viewpoints, keeping them isolated inside a cultural and ideological bubble as a result. [Tips][Hide tips]

1: Delete browsing history
In the settings of your browser you can automatically delete your browsing history and you can control how your browser handles cookies. You can either block cookies entirely or you can choose only to block third-party cookies. In some web browsers you are also able to activate anonymous surfing. Firefox is recommended as your standard web browser as it gives you the most flexibility to adjust the settings to your standard.

2: Tor
Use the Tor browser so you never leave any traces anywhere on the web. Tor defends against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Check the “visiting unsecured websites” section for more info.

3: DuckDuckGo
Instead of a using Google, use DuckDuckGo, a search engine that doesn't track you. In the settings of your browser you can set this search engine as a default. Do you still want to use Google sometimes? In DuckDuckGo type in “Peanutbutter !google” or “Peanutbutter !g” to redirect you. You will still leave less of a trace than you would in a direct Google search.

4: Cookie blocker
Install a cookie blocker. Examples of good plugins and apps are uBlock and Privacy Badger.

4. Know what you agree with

Terms of service are often too long to read. Clicking the “agree” button of a site, service or platform without going through the document of legal guidelines, rules and permissions happens all the time. The bright blue or happily green “agree” button tells your instinct that you can trust it. But there are a few things you're agreeing to, hidden in the 10 page document, that might change the way you use the web. Using a service without knowing much about its privacy policy can be risky. You often give permission for a service to use your photos and videos for whatever they want (i.e. Facebook) or you allow a company to track your IP address, location, and webpages you visited (i.e. Twitter, Google). Your personal information can easily end up in places you are not aware of. [Tips][Hide tips]

1: TOS;DR
Check Terms of Service Didn’t Read’s website or install their browser plugin. A team of experts read and classify the Terms of Service of major websites and highlight the most essential parts. It gives you a perfect overview of what you actually sign up for when hitting that “agree” button.

2: Be selective
Be careful about what you post online. Don’t post messages or images that can be or could become sensitive. What’s online stays online forever.

3: Alternatives
Look for alternatives. Use DuckDuckGo instead of Google. Use Diaspora instead of Facebook. Signal instead of WhatsApp. OpenStreetMap instead of Google Maps. Use SpiderOak instead of Google Drive or Dropbox. These alternative services have better privacy features and decentralize your personal data.

5. Leave no trace

Location tracking technology is becoming more and more common. A prime source of personal location data leakage is your very own cellphone. Marketers want to know your whereabouts at any time. Targeted ads can be sent to you right when you enter a specific aisle in the grocery store. Are the small daily choices we make still our own or based on an alghorhitm? Also governments have the ability to keep track of your location data and always know where you are, including going back in time to track where you were. All of a sudden the location of your device might turn out to be evidence for something you weren’t even aware of. GPS data is not always correct. In addition to these personal risks, the fact that all of our phones together can precisely highlight where a large crowd of people are in any given moment can also be risky. The data can be used commercially or for city planning, but also for crowd control or even possible attacks. Thankfully there are some easy steps to take to stop location tracking. Ensure that Big Brother stays out of your pocket by protecting your physical location. [Tips][Hide tips]

1: Turn off location tracking
Turn off location tracking in the settings of your cellphone. If you use an app that needs your current locations (Maps for example) simply don’t forget to turn it off again afterwards.

2: Turn WiFi off
Turn off the WiFi function of your device when you don’t need it. When your device is searching for available networks it automatically sends out its IP address and in this way your exact route can be traced. Retailers often keep track of your location like this.

3: Turn Bluetooth off
Bluetooth is used in the same as WiFi to track you, so make sure it is always off unless you are using it.

Further tips
Privacy settings update constantly. Make sure you are always up to date by keeping an eye on websites such as toolbox.bof.nl and ssd.eff.org